VulnerableCode Package Details - pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5

purl	pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-kqmg-p3y1-7qd5	Liferay Portal and Liferay DXP fails to check origin of event messages The Remote App module before 2.0.21 from Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.	CVE-2022-25146 GHSA-ghw5-998m-vw4w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:57:18.252837+00:00	GitLab Importer	Fixing	VCID-kqmg-p3y1-7qd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2022-25146.yml	38.6.0